I had a great time at this, i'm no gentoo dev but from the pictures the gentoo-meet-and-greet seemed to do well, too bad i couldnt have been there. I only went up the first day of the expo and i guess things got much better the later days.
On Sun, 2005-02-20 at 19:14 -0500, Aron Griffis wrote: > Brian Harring wrote: [Sun Feb 20 2005, 05:33:40PM EST] > > Err... enforcement in terms of forcing devs to sign everything? > > That is only part of the pie. Take a _hard_ look at eclasses. > > Then, take an even _harder_ look at profile bashrc's, and what they > > technically are capable of, and the fact that all installations use > > a profile (atm, there isn't a common profile that all inherit from, > > but at some point it may occur). > > Oh yeah. I, um, forgot all that ;-) > > > So yeah. Assuming glep33 is greenlighted (a touch up will be posted > > in the next few days of it), eclass/elib signing I'll be handling. > > Profile signing is another beast that's needed, and help would be > > appreciated (as always, clean patches/discussion of how to do it > > properly/etc is always welcome). > > > > Beyond that, to save the portage devs sanity from people screaming > > "SHA1 is broken!" (it's not, just weakened), I'll be looking at > > centralizing, and making the digest code a bit more pluggable- > > basically do a handler setup, mapping a CHF to a function... > > Cool, thanks for the reminder/update on these issues. Regarding > profile signing... how about putting a (signed) manifest in each > directory under portage/profiles? Only stuff in the immediate > directory would be included, not the subdirs. > > Regards, > Aron > > -- > Aron Griffis > Gentoo Linux Developer >
signature.asc
Description: This is a digitally signed message part
